Description
Enable require_secure_transport on MySQL flexible servers.
Rationaleβ
SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and application.
Auditβ
From Azure Portalβ
- Login to Azure Portal using https://portal.azure.com.
- Go to
Azure Database for MySQL flexible servers. - For each database, under
Settings, clickServer parameters. - In the filter bar, type
require_secure_transport. - Ensure that the
VALUEforrequire_secure_transportisON.
From Azure CLIβ
Ensure the below command returns a value of on:
az mysql flexible-server parameter show --resource-group <resourceGroup> --server-name <serverName> --name require_secure_transport
From PowerShellβ
Ensure the below command returns a value of on:
Get-AzMySqlFlexibleServerConfiguration -ResourceGroupName <resourceGroup> -ServerName <serverName> -Name require_secure_transport
Default Valueβ
Azure Database for MySQL when provisioned through the Azure portal or CLI will require SSL connections by default.